void *copyAllocPinnedMemoryClean(void *ptr, size_t size, size_t original_size,
const char *file, int line)
{
void *nptr;
if ((nptr = qaeCryptoMemAlloc(size, file, line)) == NULL) {
MEM_WARN("%s: pinned memory allocation failure\n", __func__);
return NULL;
}
memcpy(nptr, ptr, original_size);
return nptr;
}
/******************************************************************************
* function:
* qat_alloc_pad(unsigned char *in,
* int len,
* int rLen,
* int sign)
*
* @param in [IN] - pointer to Flat Buffer
* @param len [IN] - length of input data (hash)
* @param rLen [IN] - length of RSA
* @param sign [IN] - 1 for sign operation and 0 for decryption
*
* description:
* This function is used to add PKCS#1 padding into input data buffer
* before it pass to cpaCyRsaDecrypt() function.
* The function returns a pointer to unsigned char buffer
******************************************************************************/
static unsigned char *qat_alloc_pad(unsigned char *in, int len,
int rLen, int sign)
{
int i = 0;
/* out data buffer should have fix length */
unsigned char *out = qaeCryptoMemAlloc(rLen, __FILE__, __LINE__);
DEBUG("- Started\n");
if (NULL == out) {
WARN("out buffer malloc failed\n");
QATerr(QAT_F_QAT_ALLOC_PAD, QAT_R_OUT_MALLOC_FAILURE);
return NULL;
}
/* First two char are (0x00, 0x01) or (0x00, 0x02) */
out[0] = 0x00;
if (sign) {
out[1] = 0x01;
} else {
out[1] = 0x02;
}
/*
* Fill 0xff and end up with 0x00 in out buffer until the length of
* actual data space left
*/
for (i = 2; i < (rLen - len - 1); i++) {
out[i] = 0xff;
}
/*
* i has been incremented on beyond the last padding byte to exit for
* loop
*/
out[i] = 0x00;
/* shift actual data to the end of out buffer */
memcpy((out + rLen - len), in, len);
DEBUG("- Finished\n");
return out;
}
static int
build_encrypt_op(int flen, const unsigned char *from, unsigned char *to,
RSA *rsa, int padding,
CpaCyRsaEncryptOpData ** enc_op_data,
CpaFlatBuffer ** output_buffer, int alloc_pad)
{
CpaCyRsaPublicKey *cpa_pub_key = NULL;
int rsa_len = 0;
const BIGNUM *n = NULL;
const BIGNUM *e = NULL;
const BIGNUM *d = NULL;
DEBUG("- Started\n");
RSA_get0_key((const RSA*)rsa, &n, &e, &d);
/* Note: not checking 'd' as it is not used */
if (n == NULL || e == NULL) {
WARN("RSA key values n = %p or e = %p are NULL\n", n, e);
QATerr(QAT_F_BUILD_ENCRYPT_OP, QAT_R_N_E_NULL);
return 0;
}
if (padding != RSA_PKCS1_PADDING) {
WARN("Unknown Padding %d\n", padding);
QATerr(QAT_F_BUILD_ENCRYPT_OP, QAT_R_UNKNOWN_PADDING);
return 0;
}
cpa_pub_key = OPENSSL_zalloc(sizeof(CpaCyRsaPublicKey));
if (NULL == cpa_pub_key) {
WARN("Public Key zalloc failed\n");
QATerr(QAT_F_BUILD_ENCRYPT_OP, QAT_R_PUB_KEY_MALLOC_FAILURE);
return 0;
}
rsa_len = RSA_size(rsa);
/* Output and input data MUST allocate memory for RSA verify process */
/* Memory allocation for EncOpData[IN] */
*enc_op_data = OPENSSL_zalloc(sizeof(CpaCyRsaEncryptOpData));
if (NULL == *enc_op_data) {
WARN("Failed to allocate enc_op_data\n");
QATerr(QAT_F_BUILD_ENCRYPT_OP, QAT_R_ENC_OP_DATA_MALLOC_FAILURE);
OPENSSL_free(cpa_pub_key);
return 0;
}
/* Setup the Encrypt operation Data structure */
(*enc_op_data)->pPublicKey = cpa_pub_key;
DEBUG("flen=%d padding=%d\n", flen, padding);
/* Passing Public key from big number format to big endian order binary */
if (qat_BN_to_FB(&cpa_pub_key->modulusN, n) != 1 ||
qat_BN_to_FB(&cpa_pub_key->publicExponentE, e) != 1) {
WARN("Failed to convert cpa_pub_key elements to flatbuffer\n");
QATerr(QAT_F_BUILD_ENCRYPT_OP, QAT_R_N_E_CONVERT_TO_FB_FAILURE);
return 0;
}
if (alloc_pad) {
(*enc_op_data)->inputData.pData =
qat_alloc_pad((Cpa8U *) from, flen, rsa_len, 0);
} else {
(*enc_op_data)->inputData.pData =
(Cpa8U *) copyAllocPinnedMemory((void *)from, flen, __FILE__,
__LINE__);
}
if (NULL == (*enc_op_data)->inputData.pData) {
WARN("Failed to allocate (*enc_op_data)->inputData.pData\n");
QATerr(QAT_F_BUILD_ENCRYPT_OP, QAT_R_INPUT_DATA_MALLOC_FAILURE);
return 0;
}
if (alloc_pad)
(*enc_op_data)->inputData.dataLenInBytes = rsa_len;
else
(*enc_op_data)->inputData.dataLenInBytes = flen;
/*
* Memory allocation for outputBuffer[OUT] OutputBuffer size initialize
* as the size of rsa size
*/
(*output_buffer) =
(CpaFlatBuffer *) OPENSSL_malloc(sizeof(CpaFlatBuffer));
if (NULL == (*output_buffer)) {
WARN("Failed to allocate output_buffer\n");
QATerr(QAT_F_BUILD_ENCRYPT_OP, QAT_R_OUTPUT_BUF_MALLOC_FAILURE);
return 0;
}
/*
* outputBuffer size should large enough to hold the Hash value but
* smaller than (RSA_size(rsa)-11)
*/
(*output_buffer)->dataLenInBytes = rsa_len;
(*output_buffer)->pData = qaeCryptoMemAlloc(rsa_len, __FILE__, __LINE__);
if (NULL == (*output_buffer)->pData) {
WARN("Failed to allocate (*output_buffer)->pData\n");
QATerr(QAT_F_BUILD_ENCRYPT_OP, QAT_R_OUTPUT_BUF_PDATA_MALLOC_FAILURE);
return 0;;
}
DEBUG("- Finished\n");
return 1;
}
static int
build_decrypt_op_buf(int flen, const unsigned char *from, unsigned char *to,
RSA *rsa, int padding,
CpaCyRsaDecryptOpData ** dec_op_data,
CpaFlatBuffer ** output_buffer, int alloc_pad)
{
int rsa_len = 0;
CpaCyRsaPrivateKey *cpa_prv_key = NULL;
const BIGNUM *p = NULL;
const BIGNUM *q = NULL;
const BIGNUM *dmp1 = NULL;
const BIGNUM *dmq1 = NULL;
const BIGNUM *iqmp = NULL;
DEBUG("- Started\n");
RSA_get0_factors((const RSA*)rsa, &p, &q);
RSA_get0_crt_params((const RSA*)rsa, &dmp1, &dmq1, &iqmp);
if (p == NULL || q == NULL || dmp1 == NULL || dmq1 == NULL || iqmp == NULL) {
WARN("Either p %p, q %p, dmp1 %p, dmq1 %p, iqmp %p are NULL\n",
p, q, dmp1, dmq1, iqmp);
QATerr(QAT_F_BUILD_DECRYPT_OP_BUF, QAT_R_P_Q_DMP_DMQ_IQMP_NULL);
return 0;
}
/* Padding check */
if ((padding != RSA_NO_PADDING) && (padding != RSA_PKCS1_PADDING)) {
WARN("Unknown Padding %d\n", padding);
QATerr(QAT_F_BUILD_DECRYPT_OP_BUF, QAT_R_PADDING_UNKNOWN);
return 0;
}
cpa_prv_key =
(CpaCyRsaPrivateKey *) OPENSSL_zalloc(sizeof(CpaCyRsaPrivateKey));
if (NULL == cpa_prv_key) {
WARN("Failed to allocate cpa_prv_key\n");
QATerr(QAT_F_BUILD_DECRYPT_OP_BUF, QAT_R_PRIV_KEY_MALLOC_FAILURE);
return 0;
}
DEBUG("flen =%d, padding = %d \n", flen, padding);
/* output signature should have same length as RSA(128) */
rsa_len = RSA_size(rsa);
/* output and input data MUST allocate memory for sign process */
/* memory allocation for DecOpdata[IN] */
*dec_op_data = OPENSSL_zalloc(sizeof(CpaCyRsaDecryptOpData));
if (NULL == *dec_op_data) {
WARN("Failed to allocate dec_op_data\n");
QATerr(QAT_F_BUILD_DECRYPT_OP_BUF, QAT_R_DEC_OP_DATA_MALLOC_FAILURE);
OPENSSL_free(cpa_prv_key);
return 0;
}
/* Setup the DecOpData structure */
(*dec_op_data)->pRecipientPrivateKey = cpa_prv_key;
cpa_prv_key->version = CPA_CY_RSA_VERSION_TWO_PRIME;
/* Setup the private key rep type 2 structure */
cpa_prv_key->privateKeyRepType = CPA_CY_RSA_PRIVATE_KEY_REP_TYPE_2;
if (qat_BN_to_FB(&cpa_prv_key->privateKeyRep2.prime1P, p) != 1 ||
qat_BN_to_FB(&cpa_prv_key->privateKeyRep2.prime2Q, q) != 1 ||
qat_BN_to_FB(&cpa_prv_key->privateKeyRep2.exponent1Dp, dmp1) != 1 ||
qat_BN_to_FB(&cpa_prv_key->privateKeyRep2.exponent2Dq, dmq1) != 1 ||
qat_BN_to_FB(&cpa_prv_key->privateKeyRep2.coefficientQInv, iqmp) != 1) {
WARN("Failed to convert privateKeyRep2 elements to flatbuffer\n");
QATerr(QAT_F_BUILD_DECRYPT_OP_BUF, QAT_R_P_Q_DMP_DMQ_CONVERT_TO_FB_FAILURE);
return 0;
}
if (alloc_pad) {
(*dec_op_data)->inputData.pData =
qat_alloc_pad((Cpa8U *) from, flen, rsa_len, 1);
} else {
(*dec_op_data)->inputData.pData =
(Cpa8U *) copyAllocPinnedMemory((void *)from, flen, __FILE__,
__LINE__);
}
if (NULL == (*dec_op_data)->inputData.pData) {
WARN("Failed to allocate (*dec_op_data)->inputData.pData\n");
QATerr(QAT_F_BUILD_DECRYPT_OP_BUF, QAT_R_INPUT_DATA_MALLOC_FAILURE);
return 0;
}
if (alloc_pad)
(*dec_op_data)->inputData.dataLenInBytes = rsa_len;
else
(*dec_op_data)->inputData.dataLenInBytes = flen;
*output_buffer = OPENSSL_malloc(sizeof(CpaFlatBuffer));
if (NULL == *output_buffer) {
WARN("Failed to allocate output_buffer\n");
QATerr(QAT_F_BUILD_DECRYPT_OP_BUF, QAT_R_OUTPUT_BUF_MALLOC_FAILURE);
return 0;
}
/*
* Memory allocation for DecOpdata[IN] the size of outputBuffer
* should big enough to contain RSA_size
*/
(*output_buffer)->pData =
(Cpa8U *) qaeCryptoMemAlloc(rsa_len, __FILE__, __LINE__);
if (NULL == (*output_buffer)->pData) {
WARN("Failed to allocate output_buffer->pData\n");
QATerr(QAT_F_BUILD_DECRYPT_OP_BUF, QAT_R_RSA_OUTPUT_BUF_PDATA_MALLOC_FAILURE);
return 0;
}
(*output_buffer)->dataLenInBytes = rsa_len;
DEBUG("- Finished\n");
return 1;
}
